
The CyberPHIx: Meditology Services Podcast


Jul 17, 2018

Cloud-based services offer new functionality and efficiency for healthcare organizations, but also bring with them new security considerations for protecting PHI. In this CyberPHIx podcast, Mark Eggleston, VP and Chief Information Security and Privacy Officer of Health Partner Plans, discusses implementation strategies for cloud-based applications. Mark and Meditology Services partner Brian Selfridge discuss the following approaches for managing data security risk within cloud-based applications:

  • Identify a business case for securing data in the cloud environment. Determine whether your organization has the experience to implement the cloud solution internally or might benefit from a third party with experience in implementing a specific cloud solution.
  • Ensure that Service Level Agreements (SLAs) and Managed Service Agreements (MSAs) with the cloud provider include specific security requirements that cover scenarios for end-of-service, ongoing risk assessment and downstream data sharing with fourth-party vendors.
  • Clearly define user access roles to ensure cloud providers are aligning with the minimum necessary requirements.
  • Prepare to educate board-level and senior management about the gaps in security controls with the cloud providers. Providing a concise risk management strategy will bolster the security function’s role within the organization.